[Commotion-dev] Commotion and Shell Shock
Griffin Boyce
griffin at cryptolab.net
Thu Sep 25 10:59:10 EDT 2014
Dan Staples wrote:
> The news about the Shell Shock/Bash bug[1] has gotten pretty big now.
> There's also a lot of rhetoric about this being a bigger deal than the
> Heartbleed vulnerability. I am wondering if it's worth putting up a
> quick blog post on the Commotion website that the router firmware is
> *not* vulnerable (since OpenWRT comes with the ash shell by default
> rather than bash).
I would -- given that everything from Ubuntu to Rails apps to sites
that generate their own captchas with ImageMagick are vulnerable,
Commotion is one of the few projects that *isn't* vulnerable to this
bug.
Commotion evaded both Heartbleed (cyassl) and ShellShock (ash), which
is pretty awesome =)
best,
Griffin
--
"I believe that usability is a security concern; systems that do
not pay close attention to the human interaction factors involved
risk failing to provide security by failing to attract users."
~Len Sassaman
More information about the Commotion-dev
mailing list